Oct 21 A time to Red Team

Note: I wanted the first post on this section of the blog to be by Dr. Mark Mateski, founder and editor of The Red Team Journal. He is a person and a professional I respect and his Red Teaming mindset is always on target. His story shows the need for Red Teaming. The posts coming after this one, in a few days, will all show why Red Teaming is so important. Thank you Mark for the story you are sharing.

Dr. Mark Mateski:

I’m notorious among my colleagues for not sharing red teaming stories due to OPSEC concerns, but I am willing to describe one of the first times the need for systematic red teaming struck me. Out team had run dozens of analytical events for a client when they asked us to compile a list of lessons learned. I remember sitting in a conference room as we assembled for what I anticipated to be a very interesting session. It was a worthy effort, but I was disappointed as the lessons gradually emerged. Time has passed, but I can’t recall any lessons regarding our make-believe REDs. (I use “RED” to denote a notional adversary.) I do remember thinking that we could have handled the RED side of things in a much more interesting and systematic way. This was post-Desert Storm, by the way, so the culture was a bit smug.

I was a very junior analyst then, so I didn’t have much voice. That fact was reinforced a bit later when I was sitting in a different conference room with a group of senior decision makers, one of whom was well known and widely respected. Once again, the RED perspective was overlooked. I got up the nerve during lunch to ask whether a clever RED could hurt us by doing something cheap but unexpected. The response was a hearty round of jibes and chuckles. It was pre-9/11, but even then I was surprised by the lack of respect for RED. I’d like to say that I vowed then and there to promote superior red teaming henceforth and forever, but it was simply another seed planted for future recall.